Creating groups of users lets you assign roles to the group
instead of to individual users.

Two different types of groups are available. You can manually
create a group and add users and other groups to it. You can also
create dynamic groups that automatically include all users who meet
a specified set of rules.

Users may experience a slower response time if they belong to
many groups (for example, 500 or more) or if the groups are nested
deeply (for example, 30 levels). If you are experiencing this problem,
you can configure AEM forms to pre-fetch information from certain
domains. (See Configure
AEM forms to prefetch domain information.)

Create a group manually

When you manually create a group, you can add users and
other groups to it and assign roles to the group. You can also associate
the group with a parent group.

If you are using Content Services (Deprecated), you can select
the Select This Option For Pushing Users And Groups Into Registered
External Principal Storage Providers option on the Domain Management
page to push the information for any new users or groups that you
create in Content Services (Deprecated).

Complete the General Settings section and click Next. Canonical
Name and Group Name are mandatory attributes.

The Canonical
Name is a unique identifier for the group. Each group and user in
a domain must have a unique canonical name. Select the System Generated checkbox
to let User Management assign a unique value, or clear the checkbox
and specify a custom value for the Canonical Name.

Avoid using
underscore characters (_) in canonical names, for example, sample_group.
When you search for groups based on their canonical name, those
containing underscore characters are not returned.

To add users and groups to this new group, click Find Users/Groups
and do these tasks:

In the Find box, type your search
criteria.

In the In list, select Users, Groups, or Users and Groups.

In the Using list, select Name, Email, or User ID.

Select the domain, select the number of items to display
and click Find.

In the search results, select the check boxes for the users
and groups to add to this new group and click OK.

Click Next.

To add this new group to other existing groups, click Find
Groups and do these tasks:

In the Find box, type your
search criteria.

Select the domain, select the number of items to display,
and click Find.

In the search results, select the check boxes for the groups
that the new group belongs to and click OK.

Click Next.

To assign roles to the group, click Find Roles, select the
check boxes for each role to assign to the group and click OK. Users
in the group inherit roles that are assigned at the group level.

Click Finish.

Create a dynamic group

In a dynamic group, you do not individually select the
users who belong to the group. Instead, you specify a set of rules
and all users who meet those rules are automatically added to the
dynamic group.

Use one of these two ways to create dynamic groups:

Enable the automatic creation of dynamic groups based
on email domains, such as @adobe.com. When you enable this feature,
User Management creates a dynamic group for each unique email domain
in the AEM forms database. Use a cron expression to specify how
often User Management searches the AEM forms database for new email
domains. These dynamic groups are added to the DefaultDom local
domain and are named "All users with an [email domain] mail
ID."

Create a dynamic group based on specified criteria, including
the user’s email domain, description, canonical name, and domain
name. To belong to the dynamic group, a user must meet all the specified
criteria. To set up an "or" condition, create two separate dynamic
groups and add them both to a local group. For example, use that
approach to create a group of users who belong to the @adobe.com
email domain or whose canonical name contains ou=adobe.com. However,
the users do not necessarily have to meet both conditions.

A dynamic group contains only users. It cannot contain other
groups. However, a dynamic group can belong to a parent group.

Automatically create dynamic groups
based on email domains

Specify when User Manager checks for new email domains. This
time should be after the domain synchronization time because the
creation of dynamic groups is logical only if the domain synchronization
is completed.

To enable automatic synchronization on a daily basis, type the time in the 24-hour format in the Occurs Daily At box. When you save your settings, this value is converted to a cron expression, which is displayed in the box below.

To schedule synchronization on a particular day of the week or month, or in a particular month, select type the appropriate cron expression in the box. The default value is 0 00 4 ? * * (which means check at 4 A.M. every day).

The cron expression usage is based on the Quartz open source job-scheduling system, version 1.4.0.

Create a dynamic group based on
specified criteria

Complete the General Settings section. Group Name is a mandatory
attribute. You can assign the group to any configured domain.

Under Dynamic Group Criteria, specify one or more attributes
used to populate the dynamic group.

Note:

The
Email, Description, and Canonical Name attributes are case-sensitive when
using the Equals operator. They are not case-sensitive with the
Starts With, Ends With, or Contains operators.

Email: User’s
email domain, such as @adobe.com.

Description: User’s
description, such as "Computer Scientist"

Canonical Name: User’s
canonical name, such as ou=adobe.com

Domain Name: The
name of the domain to which the user belongs, such as DefaultDom.
The Domain Name attribute is case-sensitive when using the Contains
operator. It is not case-sensitive with the Starts With, Ends With,
or Equals operators.

If the test returned the expected results, click Next. Otherwise,
edit the dynamic group criteria and test again.

To add the dynamic group to a parent group, click Find Groups
and do these tasks:

In the Find box, type your search
criteria.

Select the domain, select the number of items to display,
and click Find.

In the search results, select the check boxes for groups
that the dynamic group belongs to and click OK.

Click Next.

To assign roles to the dynamic group, click Find Roles, select
the check boxes for each role to assign to the group, and then click
OK. Users in the group inherit roles that are assigned at the group
level.